Hi, I'm using a client side handler to sign a SOAP message before it is sent to the axis web. Which seems to work fine, I can verify the signature validity after signing it. But when the web service receives this message it fails to validate the signature and throws a NullPointerException. My server side handler code looks like this:
public class VerificationHandler extends BasicHandler { static { org.apache.xml.security.Init.init(); } public void invoke(MessageContext ctx) throws AxisFault { try { String BaseURI = "http://xml-security"; Message req_msg = ctx.getRequestMessage(); Document doc=req_msg.getSOAPEnvelope().getAsDocument(); Element nsctx = doc.createElement("nsctx"); nsctx.setAttribute("xmlns:ds", Constants.SignatureSpecNS); Element signatureElem=(Element)XPathAPI.selectSingleNode(doc,"//ds:Signature",nsctx); if(signatureElem==null) { System.out.println("The document is not signed"); throw new RemoteException("Document is not signed!"); } XMLSignature sig=new XMLSignature(signatureElem, BaseURI); SignedInfo sinfo = sig.getSignedInfo(); PublicKey pubkey = sig.getKeyInfo().getPublicKey(); System.out.println("checking..."); boolean valid=sig.checkSignatureValue(pubkey); // <---FAILS HERE--- System.out.println("done"); if(!valid) { System.out.println("The document signature was forged!"); throw new RemoteException("The document signature was forged!"); } else System.out.println("The document signature is VALID!"); } catch(Exception e) { throw AxisFault.makeFault(e); } } } The strange thing is that sometimes it works and sometimes it throws an exception, I spent a whole day debuging but couldn't figure out what makes it behave like that. Anyone has any ideas? Thanks in advance. Andrius